DJ2-5 DNS: The Internet’s Directory Service

Contents

1. Introduction to DNS

2. Functions provided by the DNS server

3. Distributed, hierarchical database

4. DNS query method

5. DNS cache and authoritative DNS server record update

6. DNS records

7. DNS message

8. Insert record in DNS database

9. DNS attack


1. Introduction to DNS

Name: Domain Name System

DNS is:

1) A distributed database implemented by a hierarchy of DNS servers;

2) An application-layer protocol that lets hosts query that distributed database.

The DNS protocol runs over UDP, using port 53.

2. Functions provided by DNS server

1) Translating hostnames to IP addresses

2) Support for host aliases

A host can have one canonical hostname and several host aliases.

3) Support for mail server aliases

For example: allowing a company’s mail server and web server to use the same hostname.

4) Load distribution

DNS enables load distribution among redundant servers. In a server cluster each server has a different IP address, and all of these addresses are associated with the same canonical hostname. When a client makes a DNS request for the canonical hostname, the DNS server cycles through these IP addresses in each answer (round robin).

3. Distributed, hierarchical database

Q: Why not use a centralized DNS?

That is, only one DNS server is used on the Internet, and that server contains all the mappings. Clients send all queries directly to a single DNS server, which responds directly to all querying clients.

But problems include:

  • Single point of failure: if that one DNS server crashes, name resolution fails for the whole Internet!
  • Traffic volume: a single server would have to handle every DNS query.
  • Distance: a single centralized database is far from most clients, so queries suffer long delays.
  • Maintenance: the database would have to be updated constantly to account for every new host.

Therefore, DNS adopts a distributed design scheme.

Distributed, hierarchical database

1) Root DNS servers

Function: The root DNS server provides the IP address of the TLD server.

There are 13 real root DNS servers in the world, and their names are:

A.root-servers.net 198.41.0.4 USA
B.root-servers.net 192.228.79.201 United States (also supports IPv6)
C.root-servers.net 192.33.4.12 France
D.root-servers.net 128.8.10.90 USA
E.root-servers.net 192.203.230.10 United States
F.root-servers.net 192.5.5.241 United States (also supports IPv6)
G.root-servers.net 192.112.36.4 USA
H.root-servers.net 128.63.2.53 United States (also supports IPv6)
I.root-servers.net 192.36.148.17 Sweden
J.root-servers.net 192.58.128.30 USA
K.root-servers.net 193.0.14.129 UK (also supports IPv6)
L.root-servers.net 198.32.64.12 USA
M.root-servers.net 202.12.27.33 Japan (also supports IPv6) 

The remaining root DNS servers are mirrors of the 13 above.

Total 1092 root DNS servers (as of March 12, 2020)

2) Top-level domain (TLD) DNS server

Function: The top-level domain (TLD) DNS server provides the IP address of the authoritative DNS server.

The TLD DNS server is responsible for:

  • Top-level domains such as com, org, net and edu
  • The top-level domains of all countries: uk, fr, cn, jp, etc.

Companies responsible for maintaining the TLD servers:

  • Network Solutions maintains the TLD servers for the com top-level domain
  • Educause maintains the TLD servers for the edu top-level domain

3) Authoritative DNS server

Function: stores the DNS records that map hostnames to IP addresses.

Every organization with publicly accessible hosts on the Internet must provide publicly accessible DNS records that map the names of those hosts to IP addresses. An organization’s authoritative DNS server is responsible for maintaining these DNS records.

Most universities and large corporations implement and maintain their own primary and secondary authoritative DNS servers.

Supplement: Local DNS server

Similar to a web cache.

Strictly speaking, a local DNS server does not belong to the above hierarchy, nor can a domain name be registered on a local DNS server. But it is crucial to the above hierarchy.

Every ISP has a local DNS server, also called a default server. When a host makes a DNS request, the request is sent to the local DNS server, which acts as a proxy and forwards the request up the hierarchy described above.

4. DNS query method

1) Recursive query

  • Passed up layer by layer: if the server at this layer does not have the mapping, it requests the next layer itself.
  • The burden of name resolution is shifted onto the DNS server being queried.
  • The uestc DNS server keeps querying the upper layers on behalf of my host, so my host need not send any further requests.

2) Iterative query

  • Passing the query along: “I don’t know that name, but you can ask XX server.”
  • The queried DNS server replies with the IP address of the next DNS server to ask.
  • The uestc DNS server told me to find the edu DNS server.

Supplement: what happens in practice

The query from my host to the uestc DNS server is recursive; the remaining queries are iterative. That is, I hand the request to the uestc DNS server, which asks the servers one by one for the IP address of www.yahoo.com and then passes the IP address back to my host.

5. DNS cache and authoritative DNS server record update

1) When a DNS server receives a DNS mapping, it caches the mapping in local storage.

  • The server discards cached information after a certain time (the record’s TTL)
  • A local DNS server can cache the IP address of the TLD server
  • Therefore, the root DNS servers are not frequently accessed

2) Authoritative DNS Server Record Update: IETF Dynamic Update/Notification Mechanism [RFC 2136]

6. DNS Record

An RR (resource record) provides a mapping from a hostname to an IP address and is stored on a DNS server.

RR format: (name, value, type, ttl)

ttl: time-to-live, how long the record may be cached

Type   Name                      Value                                      Remarks
A      canonical hostname        IP address
CNAME  host alias                canonical hostname                         host alias -> canonical hostname -> IP
NS     domain name               hostname of the authoritative DNS server   domain name -> authoritative DNS server
MX     mail server host alias    canonical hostname of the mail server      mail server alias -> canonical hostname -> IP

Example

1) The authoritative DNS server will contain a type A record for the hostname;

2) A non-authoritative DNS server will contain a type NS record whose name is the domain containing the hostname; it also contains a type A record giving the IP address of the DNS server named in the value of the NS record.

yahoo DNS: (www.yahoo.com, IPwyc, A)

com DNS:   (yahoo.com, yahoo DNS, NS)
           (yahoo DNS, IPydns, A)

7. DNS message

There are only two kinds of messages: query message and response message, and they have the same message format.

Message Header

1) Identifier: 16 bits; a query message and its response message carry the same identifier.

2) Flags: a set of flag bits, each identifying a different function:

  • Query/Response (QR): 0 = query, 1 = response
  • Recursion desired (RD): 1 = the querier wants a recursive query, 0 = it does not
  • Recursion available (RA): 1 = the responding server supports recursive queries, 0 = it does not
  • Authoritative answer (AA): 1 = the answer comes from an authoritative name server, 0 = it does not

8. Insert record in DNS database

Let’s say I’ve just started an exciting startup called “The Shorty King”.

1) Register the domain name izone.com with the registrar

I need to provide the names and IP addresses of my primary and secondary authoritative DNS servers. The registry inserts the following two resource records into the registry’s DNS system:

(izone.com, dns1.izone.com, NS)
(dns1.izone.com, 212.212.212.1, A)

The registry inserts these RRs into all TLD com servers.

2) Enter the RR of the web server

If I want to run a website, I enter a type A record for www.izone.com into my authoritative DNS server dns1.izone.com:

(www.izone.com, 212.212.0.1, A)

3) Enter the RR of the mail server

If I want to set up a mail server, I enter a type MX record for mail.izone.com into my authoritative DNS server dns1.izone.com:

(izone.com, mail.izone.com, MX)
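The following added example (not part of these notes) models sections 4 to 6 and 8 in Python: the izone.com records from section 8 are placed on a toy root, com TLD and authoritative server, and a local DNS server resolves names iteratively, caching both answers and delegations for their TTL (section 5), so the root is contacted only once. The root address is A.root-servers.net from the list above; the TLD server name tld-com.example and its address 192.0.2.1 are placeholders.

```python
# Zones as {(name, type): [(value, ttl)]}: section 8's constructed records; the com TLD server is a placeholder.
ROOT_ZONE = {("com", "NS"): [("tld-com.example", 172800)],
             ("tld-com.example", "A"): [("192.0.2.1", 172800)]}
COM_ZONE = {("izone.com", "NS"): [("dns1.izone.com", 172800)],      # step 1: delegation
            ("dns1.izone.com", "A"): [("212.212.212.1", 172800)]}   # step 1: glue record
IZONE_ZONE = {("www.izone.com", "A"): [("212.212.0.1", 3600)],      # step 2
              ("izone.com", "MX"): [("mail.izone.com", 3600)]}      # step 3
ROOT_IP = "198.41.0.4"                             # A.root-servers.net, from the notes' list
SERVERS = {ROOT_IP: ROOT_ZONE, "192.0.2.1": COM_ZONE, "212.212.212.1": IZONE_ZONE}

def ask(server_ip, name, rtype):
    """One iterative query: ('answer', rrs) or ('referral', zone, ns_ip, ttl), i.e. 'ask XX'."""
    zone = SERVERS[server_ip]
    if (name, rtype) in zone:
        return ("answer", zone[(name, rtype)])
    labels = name.split(".")
    for i in range(len(labels)):                   # longest delegated suffix wins
        sub = ".".join(labels[i:])
        if (sub, "NS") in zone:
            ns, ttl = zone[(sub, "NS")][0]
            return ("referral", sub, zone[(ns, "A")][0][0], ttl)
    return ("answer", [])                          # no such name

class LocalDNS:
    """ISP local DNS server: recursive toward the host, iterative upward, with a TTL cache."""
    def __init__(self):
        self.cache, self.now, self.sent = {}, 0, []   # now: seconds; sent: servers contacted
    def _start(self, name):                        # deepest cached delegation, else the root
        labels = name.split(".")
        for i in range(len(labels)):
            hit = self.cache.get((".".join(labels[i:]), "NS"))
            if hit and hit[1] > self.now:
                return hit[0]
        return ROOT_IP
    def resolve(self, name, rtype="A"):
        hit = self.cache.get((name, rtype))
        if hit and hit[1] > self.now:              # section 5: serve from cache until TTL expires
            return hit[0]
        server = self._start(name)
        while True:
            self.sent.append(server)
            res = ask(server, name, rtype)
            if res[0] == "answer":
                break
            _, sub, server, ttl = res              # follow the referral and remember it
            self.cache[(sub, "NS")] = (server, self.now + ttl)
        values = [v for v, _ in res[1]]
        if values:
            self.cache[(name, rtype)] = (values, self.now + min(t for _, t in res[1]))
        return values
```

Advance `resolver.now` past 3600 to watch the A record expire while the longer-lived delegation to dns1.izone.com is still served from cache.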

9. DNS attack

1) Using DNS to carry out DDoS attacks

Requests are sent to a large number of DNS servers with the source address forged as the victim’s address, with the result that the victim can no longer reach DNS servers for name resolution.

2) Redirection attacks: man-in-the-middle attacks and DNS poisoning attacks (sending false name resolution results to DNS servers)

For example: a customer wants to log in to the official website of the Bank of Communications, but the DNS request is intercepted by an attacker, who returns a false resolution result to the customer. Following that false result, the customer lands on a site that looks exactly like the bank’s official website, notices nothing wrong, and enters their bank account number and password on it.
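As an added example (not from these notes), the Python below parses the message format of section 7 (the 16-bit identifier, the QR/AA/RD/RA flags, the question and the answer RRs in the notes' (name, value, type, ttl) order) and shows the pairing check a resolver applies before accepting a reply, which is the basic defence against the forged resolution results of section 9. The query and response bytes are constructed for www.izone.com; the identifier 0x1a2b and TTL 3600 are chosen values.

```python
import struct
def parse_header(msg):
    """12-byte header (section 7): 16-bit identifier, flag word (QR, AA, RD, RA, RCODE), counts."""
    ident, flags, qd, an, _, _ = struct.unpack("!6H", msg[:12])
    return {"id": ident, "qr": flags >> 15 & 1, "aa": flags >> 10 & 1, "rd": flags >> 8 & 1,
            "ra": flags >> 7 & 1, "rcode": flags & 0xF, "qdcount": qd, "ancount": an}

def read_name(msg, off):
    """Decode a label sequence, following 0xC0 compression pointers; returns (name, next_off)."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                                  # pointer to an earlier name
            end = end if end is not None else off + 2
            off, hops = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF, hops + 1
            if hops > 16:
                raise ValueError("compression pointer loop")  # malformed or hostile message
            continue
        off += 1
        if n == 0:
            return ".".join(labels), (end if end is not None else off)
        labels.append(msg[off:off + n].decode("ascii"))
        off += n

def parse_message(msg):
    """Return (header, [(qname, qtype)], [(name, value, type, ttl)]) in the notes' RR order."""
    hdr, off, qs, ans = parse_header(msg), 12, [], []
    for _ in range(hdr["qdcount"]):
        name, off = read_name(msg, off)
        qs.append((name, struct.unpack("!H", msg[off:off + 2])[0])); off += 4   # type, skip class
    for _ in range(hdr["ancount"]):
        name, off = read_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10]); off += 10
        rdata = msg[off:off + rdlen]; off += rdlen
        value = ".".join(map(str, rdata)) if rtype == 1 and rdlen == 4 else rdata   # A: dotted IP
        ans.append((name, value, rtype, ttl))
    return hdr, qs, ans

def accept_response(query, response):
    """Pair a reply with the outstanding query: QR set, same identifier, same question (section 7).
    A reply failing any check is dropped, the first defence against forged results (section 9)."""
    q_hdr, q_qs, _ = parse_message(query)
    r_hdr, r_qs, r_ans = parse_message(response)
    ok = r_hdr["qr"] == 1 and r_hdr["id"] == q_hdr["id"] and r_qs == q_qs
    return r_ans if ok else None
# Constructed sample: the host's query for www.izone.com (id 0x1a2b, RD=1) and the local DNS
# server's reply (QR, AA, RD, RA set; one A record, TTL 3600, its name a pointer to offset 12).
QNAME = b"\x03www\x05izone\x03com\x00" + b"\x00\x01\x00\x01"            # QTYPE A, QCLASS IN
QUERY = bytes.fromhex("1a2b 0100 0001 0000 0000 0000") + QNAME
RESPONSE = (bytes.fromhex("1a2b 8580 0001 0001 0000 0000") + QNAME + b"\xc0\x0c"
            + bytes.fromhex("0001 0001 00000e10 0004") + bytes([212, 212, 0, 1]))
```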